Hey guys,

With my customer base growing in size I'm faced with an overload of limesurvey login data.
Impossible to keep track of all the details I am spending a growing amount of time looking for specific installations' details in my mailbox.

To solve this issue I'm proposing adding a dev plugin to the set of core plugins.
Here is what I'm envisioning:

- The plugin, when enabled, adds public key authentication to limesurvey.
- Plugin configuration allows an end user to enable individual public keys.
- By default the core plugin contains a public key for each limesurvey developer (that wants his / her key to be included).
- The plugin encrypts the URL of the installation, the installation name and a user configurable description using the enabled public keys and sends them  to a central server.
NOTE: Since only the developer with the corresponding private key will be able to decrypt the server information there is no way attacking the central server could leak a list of limesurvey installations. Furthermore note that any leakage would only supply a list of LS installations and no login data, ever.

- The developer uses a simple script / personal web site to decrypt the server list and can then directly click on a link that sends him to the limesurvey installation where he logs in.
This logging in done in several steps. 
1. The script / personal website asks the installation for a (random) challenge.
2. The script / personal website encrypts the challenge using the private key and sends the encrypted message and a hash of the public key to limesurvey.
3. Limesurvey checks if the public key is known / active and tries to uses it to decrypt the reponse and obtain the challenge.


The challenge can be implemented stateless in a stateless by using symmetrical encryption or HMAC. Using symmetrical encryption will reduce information leakage in case an attacker tries to obtain a challenge manually.

Any thoughts on this? I'm convinced this is more secure for the end user than the current approach of manually adding users to his / her system and it will definitely be easier for people (forced to) support multiple limesurvey installations.

Cheers,

Sam